Posted by msmash on Monday March 19, 2018 @10:55AM from the you-had-one-job dept.

An anonymous reader writes: Even if Twitter hasn't invested much in anti-bot software, some of its most technically proficient users have. They're writing and refining code that can use Twitter's public application programming interface, or API, as well as Google and other online interfaces, to ferret out fake accounts and bad actors. The effort, at least among the researchers I spoke with, has begun with hunting bots designed to promote pornographic material -- a type of fake account that is particularly easy to spot -- but the plan is to eventually broaden the hunt to other types of bots. The bot-hunting programming and research has been a strictly volunteer, part-time endeavor, but the efforts have collectively identified tens of thousands of fake accounts, underlining just how much low-hanging fruit remains for Twitter to prune.

Among the part-time bot-hunters is French security researcher and freelance Android developer Baptiste Robert, who in February of this year noticed that Twitter accounts with profile photos of scantily clad women were liking his tweets or following him on Twitter. Aside from the sexually suggestive images, the bots had similarities. Not only did these Twitter accounts typically include profile photos of adult actresses, but they also had similar bios, followed similar accounts, liked more tweets than they retweeted, had fewer than 1,000 followers, and directed readers to click the link in their bios.

Posted by msmash on Sunday March 18, 2018 @12:00PM from the little-things dept.

Quartz: A lot has changed in the life of Richard Appiah Akoto in the fortnight since he posted photos of himself on Facebook drawing a Microsoft Word processing window on a blackboard with multi-colored chalk, to teach his students about computers -- which the school did not have. The photos went viral on social media and media stories like Quartz's went all around the world. Akoto, 33, is the information and communication technology (ICT) teacher at Betenase M/A Junior High School in the town of Sekyedomase, about two and a half hours' drive north of Ghana's second city, Kumasi. The school had no computers even though since 2011, 14 and 15-year-olds in Ghana are expected to write and pass a national exam (without which students cannot progress to high school) with ICT being one of the subjects.

The story of the school and Twitter pressure from prominent players in the African tech space drew a promise from Microsoft to "equip [Akoto] with a device from one of our partners, and access to our MCE program & free professional development resources on." To fulfill this promise, the technology giant flew Akoto to Singapore this week where he is participating in the annual Microsoft Education Exchange.

Posted by msmash on Sunday March 18, 2018 @10:00AM from the everything-wrong-with-Facebook dept.

The way Facebook has disclosed the abuse of its system by Cambridge Analytica, which has been reported this week, speaks volumes of Facebook's core beliefs. Sample this excerpt from Business Insider: Facebook executives waded into a firestorm of criticism on Saturday, after news reports revealed that a data firm with ties to the Trump campaign harvested private information from millions of Facebook users. Several executives took to Twitter to insist that the data leak was not technically a "breach." But critics were outraged by the response and accused the company of playing semantics and missing the point. Washington Post reporter Hamza Shaban: Facebook insists that the Cambridge Analytica debacle wasn't a data breach, but a "violation" by a third party app that abused user data. This offloading of responsibility says a lot about Facebook's approach to our privacy. Observer reporter Carole Cadwalladr, who broke the news about Cambridge Analytica: Yesterday Facebook threatened to sue us. Today we publish this. Meet the whistleblower blowing the lid off Facebook and Cambridge Analytica. [...] Facebook's chief strategy officer wading in. So, tell us @alexstamos (who expressed his displeasure with the use of "breach" in media reports) why didn't you inform users of this "non-breach" after The Guardian first reported the story in December 2015? Zeynep Tufekci: If your business is building a massive surveillance machinery, the data will eventually be used and misused. Hacked, breached, leaked, pilfered, conned, "targeted", "engaged", "profiled", sold.. There is no informed consent because it's not possible to reasonably inform or consent. [...] Facebook's defense that Cambridge Analytica harvesting of FB user data from millions is not technically a "breach" is a more profound and damning statement of what's wrong with Facebook's business model than a "breach."
MIT Professor Dean Eckles: Definitely fascinating that Joseph Chancellor, who contributed to collection and contract-violating retention (?) of Facebook user data, now works for Facebook. Amir Efrati, a reporter at the Information: May seem like a small thing to non-reporters but Facebook loses credibility by issuing a Friday night press release to "front-run" publications that were set to publish negative articles about its platform. If you want us to become more suspicious, mission accomplished. Further reading: Facebook's latest privacy debacle stirs up more regulatory interest from lawmakers (TechCrunch).

Posted by msmash on Saturday March 17, 2018 @04:00AM from the you-had-one-job dept.

Tom Warren, writing for The Verge: If you blink during Apple's latest iPhone ad, you might miss a weird little animation bug. It's right at the end of a slickly produced commercial, where the text from an iMessage escapes the animated bubble it's supposed to stay inside. It's a minor issue and easy to brush off, but the fact it's captured in such a high profile ad just further highlights Apple's many bugs in iOS 11. 9to5Mac writer Benjamin Mayo spotted the bug in Apple's latest ad, and he's clearly surprised "that this was signed off for the commercial," especially as he highlighted it months ago and has filed a bug report with Apple.

Posted by msmash on Friday March 16, 2018 @04:00PM from the oh-facebook dept.

Facebook issued an apology on Friday after offensive terms appeared in the social network's search predictions late Thursday. From a report: When users typed "videos of" into the search bar, Facebook prompted them to search phrases including "videos of sexuals," "videos of girl sucking dick under water" and, perhaps most disturbingly, "video of little girl giving oral." Shocked users reported the problem on Twitter, posting screenshots of the search terms, which also included multiple suggestions relating to the school shooting in Florida last month. The social network appeared to have fixed the problem by Friday morning.

Posted by BeauHD on Thursday March 15, 2018 @05:30PM from the technical-reports dept.

Earlier this week, CTS Labs, a Tel Aviv-based cybersecurity startup, claimed it has discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices. Linus Torvalds, Linux's creator, doesn't buy it. ZDNet reports: Torvalds, in a Google+ discussion, wrote: "When was the last time you saw a security advisory that was basically 'if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem?' Yeah." Or, as a commenter put it on the same thread, "I just found a flaw in all of the hardware space. No device is secure: if you have physical access to a device, you can just pick it up and walk away. Am I a security expert yet?" CTS Labs claimed in an interview they gave AMD less than a day because they didn't think AMD could fix the problem for "many, many months, or even a year" anyway. Why would they possibly do this? For Torvalds: "It looks more like stock manipulation than a security advisory to me."

These are real bugs though. Dan Guido, CEO of Trail of Bits, a security company with a proven track-record, tweeted: "Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works." But, Guido also admitted, "Yes, all the flaws require admin [privileges] but all are flaws, not expected functionality." It's that last part that ticks Torvalds off. The Linux creator agrees these are bugs, but all the hype annoys the heck out of him. Are there bugs? Yes. Do they matter in the real world? No. They require a system administrator to be almost criminally negligent to work. To Torvalds, inflammatory security reports are annoying distractions from getting real work done.

Posted by msmash on Thursday March 15, 2018 @02:30PM from the eyes-wide-open dept.

Lightning Labs on Thursday announced the beta release of its highly-anticipated Lightning Network Daemon (LND), a developer-friendly software client used to access Bitcoin's Lightning Network, anonymous readers wrote, citing media reports. From a report: Bitcoin supporters believe that the network has the potential to help the cryptocurrency achieve mass adoption. Bitcoin has struggled in recent months with slow and high-fee transactions, which make it harder for bitcoin to achieve mainstream popularity. Lightning Labs, the company behind the network, also announced on Thursday that it has received investments from major financial technology players, including Square chief executive and Twitter co-founder Jack Dorsey and PayPal chief operating officer David Sacks.

Posted by msmash on Thursday March 15, 2018 @11:29AM from the setting-wrong-precedence dept.

Earlier this week, a little-known security firm called CTS Labs reported what it claimed to be severe vulnerabilities and backdoors in some AMD processors. While AMD looks into the matter, the story behind the researchers' discovery and the way they made it public has become a talking point in security circles. The researchers, who work for CTS Labs, only reported the flaws to AMD shortly before publishing their report online. Typically, researchers give companies a few weeks or even months to fix the issues before going public with their findings. To make things even stranger, a little bit over 30 minutes after CTS Labs published its report, a controversial financial firm called Viceroy Research published what they called an "obituary" for AMD. Motherboard reports: "We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries," Viceroy wrote in its report. CTS Labs seemed to hint that it too had a financial interest in the performance of AMD stock. "We may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports," CTS Labs wrote in the legal disclaimer section of its report.

On Twitter, rumors started to swirl. Are the researchers trying to make money by betting that AMD's share price will go down due to the news of the vulnerabilities? Or, in Wall Street jargon, were CTS Labs and Viceroy trying to short sell AMD stock? Security researcher Arrigo Triulzi speculated that Viceroy and CTS Labs were profit sharing for shorting, while Facebook's chief security officer Alex Stamos warned against a future where security research is driven by short selling.

[...] There's no evidence that CTS Labs worked with Viceroy to short AMD. But something like that has happened before. In 2016, security research firm MedSec found vulnerabilities in pacemakers made by St. Jude Medical. In what was likely a first, MedSec partnered with hedge fund Muddy Waters to bet against St. Jude Medical's stock. For Adrian Sanabria, director of research at security firm Threatcare and a former analyst at 451 Research, where he covered the cybersecurity industry, trying to short based on vulnerabilities just doesn't make much sense. While it could work in theory and could become more common in the future, he said in a phone call, "I don't think we've seen enough evidence of security vulnerabilities really moving the stock for it to really become an issue." Further reading: Linus Torvalds slams CTS Labs over AMD vulnerability report (ZDNet).

Posted by BeauHD on Wednesday March 14, 2018 @09:30PM from the here-we-go-again dept.

Chicago-based MBM Company's jewelry brand Limoges Jewelry has accidentally leaked the personal information for over 1.3 million people. This includes addresses, zip-codes, e-mail addresses, and IP addresses. The German security firm Kromtech Security, which found the leak via an unsecured Amazon S3 storage bucket, also claims the database contained plaintext passwords. The Next Web reports: In a press release, Kromtech Security's head of communications, Bob Diachenko, said: "Passwords were stored in the plain text, which is great negligence [sic], taking into account the problem with many users re-using passwords for multiple accounts, including email accounts." The [MSSQL database] backup file was named "MBMWEB_backup_2018_01_13_003008_2864410.bak," which suggests the file was created on January 13, 2018. It's believed to contain current information about the company's customers. Records held in the database have dates reaching as far back as 2000. The latest records are from the start of this year. Other records held in the database include internal mailing lists, promo-codes, and item orders, which leads Kromtech to believe that this could be the primary customer database for the company. Diachenko says there's no evidence a malicious third-party has accessed the dump, but that "that does not mean that nobody [has] accessed the data."

Posted by BeauHD on Wednesday March 14, 2018 @05:20PM from the a-heads-up-would-be-nice dept.

Yesterday, YouTube CEO Susan Wojcicki announced that the company would drop a Wikipedia link beneath videos on highly contested topics. We have now learned that Wikipedia did not know about this move prior to the announcement. Gizmodo reports: In a Twitter thread asking the public to support Wikipedia as much as it relies on it, Wikimedia executive director Katherine Maher first suggested that the organization was unaware of YouTube's plans. When asked whether this new module would only apply to English Wikipedia pages, Maher responded, "I couldn't say; this was something they did independent of us." In a statement to Gizmodo, the Wikimedia Foundation confirmed that the organization first learned of the new YouTube feature on Tuesday. "We are always happy to see people, companies, and organizations recognize Wikipedia's value as a repository of free knowledge," a Wikimedia Foundation spokesperson said in a statement. "In this case, neither Wikipedia nor the Wikimedia Foundation are part of a formal partnership with YouTube. We were not given advance notice of this announcement."

Posted by msmash on Tuesday March 13, 2018 @02:40PM from the privacy-woes dept.

A report by VpnMentor, a website which ranks VPN services, reveals several vulnerabilities in Hotspot Shield, Zenmate, and PureVPN -- all of which promise to provide privacy for their users. VpnMentor says it hired a team of three external ethical hackers to find vulnerabilities in three random popular VPNs. While one hacker wants to keep his identity private, the other two are known as File Descriptor and Paulos Yibelo. ZDNet: The research reveals bugs that can leak real-world IP addresses, which in some cases can identify individual users and determine a user's location. In the case of Hotspot Shield, three separate bugs in how the company's Chrome extension handles proxy auto-config scripts -- used to direct traffic to the right places -- leaked both IP and DNS addresses, which undermines the effectiveness of privacy and anonymity services. [...] AnchorFree, which makes Hotspot Shield, fixed the bugs, and noted that its mobile and desktop apps were not affected by the bugs. The researchers also reported similar IP leaking bugs to Zenmate and PureVPN.

Posted by msmash on Tuesday March 13, 2018 @12:00PM from the stranger-things dept.

Alfred Ng, reporting for CNET: Researchers have discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices. Particularly worrisome is the fact that the vulnerabilities lie in the so-called secure part of the processors -- typically where your device stores sensitive data like passwords and encryption keys. It's also where your processor makes sure nothing malicious is running when you start your computer. CTS-Labs, a security company based in Israel, announced Tuesday that its researchers had found 13 critical security vulnerabilities that would let attackers access data stored on AMD's Ryzen and EPYC processors, as well as install malware on them. Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers. The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing the report. Standard vulnerability disclosure calls for 90 days' notice so that companies have time to address flaws properly. "At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings," an AMD spokesman said. Zack Whittaker, a security reporter at CBS, said: Here's the catch: AMD had less than a day to look at the research. No wonder why its response is so vague.

Posted by msmash on Sunday March 11, 2018 @10:05PM from the change-in-roles dept.

South by Southwest is no longer the preferred launchpad for social apps, but it may be for others like Blue Duck, a San Antonio-based transportation company debuting its scooter service this weekend. From a report: Between Twitter's big breakout moment in 2007 and Meerkat's in 2015, SXSW has served as a great marketing opportunity for social apps. But that's ended as consumer trends have shifted and Hollywood and other consumer companies have taken over the festival. Standing outside the Austin Convention Center, co-founder Eric Bell tells me that he came up with the idea out of frustration with his local public transit, and he designed the scooters. For now, the company is self-funded, but he expects to soon raise outside funding.

Posted by msmash on Sunday March 11, 2018 @11:00AM from the tough-luck dept.

An anonymous reader shares a report: Continuing its battle against the "tweetdeckers," Twitter suspended on Friday several popular accounts known for stealing tweets or mass-retweeting tweets into manufactured virality. @Dory, @GirlPosts, @SoDamnTrue, Girl Code/@reiatabie, Common White Girl/@commonwhitegiri, @teenagernotes, @finah, @holyfag, and @memeprovider were among the accounts that got swept up in the purge. Many of these accounts were hugely popular, with hundreds of thousands or even millions of followers. In addition to stealing people's tweets without credit, some of these accounts are known as "tweetdeckers" due to their practice of teaming up in exclusive Tweetdeck groups and mass-retweeting one another's -- and paying customers' -- tweets into forced virality. A Twitter spokesperson declined to comment on individual accounts, but BuzzFeed News understands the accounts were suspended for violating Twitter's spam policy.

Posted by EditorDavid on Saturday March 10, 2018 @11:34AM from the boring-stories dept.

"Remember Elon Musk's plan to dig a massive web of traffic-beating tunnels underneath Los Angeles...?" asks CNN. "Now, that plan appears to be getting a huge makeover." An anonymous reader quotes TechCrunch:
While it will still focus on digging tunnels to provide a network of underground tubes suitable for use by high-speed Hyperloop pods, the plan now is to use that Hyperloop to transport pedestrians and cyclists first, and then only later to work on moving cars around underground to bypass traffic. Musk shared the update via Twitter, noting that the idea would be to load customers onto cars roughly the size that a single parking space takes up currently, [thousands of which] would be dotted around an urban environment close to any destinations where someone might travel. The single-car station model would be designed to replace the current subway-style model, Musk said, where only a few small stations are very spread out... This is a big departure from the original vision, and it seems like one that might have evolved after Musk and his collaborators on the project spoke to urban planners and transit authorities.
"If someone can't afford a car, they should go first," Musk posted on Twitter, sharing a new conceptual video where an elevator lowers one of these pedestrian- and cyclist-focussed shuttle pods underground.

TechCrunch says this new vision "would be appealing both to urban officials looking to decrease congestion on downtown roads and discourage personal vehicle use, and to anyone hoping to increase access to affordable transit options."

Posted by msmash on Friday March 09, 2018 @10:07AM from the how-about-that dept.

An anonymous reader shares a report: Twitter could one day allow everyone to be verified by one of the company's signature blue ticks, according to CEO Jack Dorsey. In a livestream on Periscope, Dorsey said Thursday that opening verification to more people could help to make sure people on the platform are who they say they are. "The intention is to open verification for everyone, and to do it in a way that is scalable where we (Twitter) are not in the way. And people can verify more facts about themselves and we don't have to be the judge or imply any bias on our part," Dorsey said. Twitter introduced the blue checkmark in 2009. It was initially available to public figures such as celebrities, but has since expanded to others like journalists and bloggers. Users need to apply for the blue tick, explaining why they need one.

Posted by BeauHD on Friday March 09, 2018 @03:00AM from the he-who-smelt-it-dealt-it dept.

A new study shows that people are the prime culprits when it comes to the propagation of misinformation through social networks. Tweets containing falsehoods reach 1,500 people on Twitter six times faster than truthful tweets, the research reveals. Science Magazine reports: The lead author -- Soroush Vosoughi, a data scientist at the Massachusetts Institute of Technology in Cambridge -- and his colleagues collected 12 years of data from Twitter, starting from the social media platform's inception in 2006. Then they pulled out tweets related to news that had been investigated by six independent fact-checking organizations -- websites like PolitiFact, Snopes, and FactCheck.org. They ended up with a data set of 126,000 news items that were shared 4.5 million times by 3 million people, which they then used to compare the spread of news that had been verified as true with the spread of stories shown to be false. They found that whereas the truth rarely reached more than 1000 Twitter users, the most pernicious false news stories routinely reached well over 10,000 people. False news propagated faster and wider for all forms of news -- but the problem was particularly evident for political news, the team reports today in Science. At first the researchers thought that bots might be responsible, so they used sophisticated bot-detection technology to remove social media shares generated by bots. But the results didn't change: False news still spread at roughly the same rate and to the same number of people. By default, that meant that human beings were responsible for the virality of false news.

Posted by BeauHD on Thursday March 08, 2018 @08:30PM from the criminal-action dept.

An anonymous reader quotes a report from TorrentFreak: Yesterday, a panel discussion on the challenges associated with piracy from streaming media boxes took place on Capitol Hill. Hosted by the Information Technology and Innovation Foundation (ITIF), "Unboxing the Piracy Threat of Streaming Media Boxes" (video) went ahead with some big name speakers in attendance, not least Neil Fried, Senior Vice President, Federal Advocacy and Regulatory Affairs at the MPAA. ITIF and various industry groups tweeted many interesting comments throughout the event. Kevin Madigan from Center for the Protection of Intellectual Property told the panel that torrent-based content "is becoming obsolete" in an on-demand digital environment that's switching to streaming-based piracy. "There's a criminal enterprise going on here that's stealing content and making a profit," Fried told those in attendance. "The piracy activity out there is bad, it's hurting a lot of economic activity & creators aren't being compensated for their work," he added.

And then, of course, we come to President Trump. Not usually that vocal on matters of intellectual property and piracy, yesterday -- perhaps coincidentally, perhaps not -- he suddenly delivered one of his "something is coming" tweets. "The U.S. is acting swiftly on Intellectual Property theft," Trump tweeted. "We cannot allow this to happen as it has for many years!" Given Trump's tendency to focus on problems overseas causing issues for companies back home, a comment by Kevin Madigan during the panel yesterday immediately comes to mind. "To combat piracy abroad, USTR needs to work with the creative industries to improve enforcement and target the source of pirated material," Madigan said.

Posted by BeauHD on Thursday March 08, 2018 @06:30PM from the short-end-of-the-stick dept.

Elon Musk believes China isn't playing fair in the car trade with the U.S. since it puts a 25 percent import duty on American cars, while the U.S. only does 2.5 percent for Chinese cars. "I am against import duties in general, but the current rules make things very difficult," Musk tweeted. "It's like competing in an Olympic race wearing lead shoes." CNBC reports: Tesla's Elon Musk is complaining to President Donald Trump about China's car tariffs. "Do you think the US & China should have equal & fair rules for cars? Meaning, same import duties, ownership constraints & other factors," Musk said on Twitter in response to a Trump tweet about trade with China. He added that no American car company is "allowed to own even 50% of their own factory" in the Asian country, but China's auto firms can own their companies in the U.S. Trump responded to Musk's tweets later at his steel and aluminum tariff press conference Thursday. "We are going to be doing a reciprocal tax program at some point, so that if China is going to charge us 25% or if India is going to charge us 75% and we charge them nothing ... We're going to be at those same numbers. It's called reciprocal, a mirror tax," Trump said after reading Musk's earlier tweets out loud.

Posted by msmash on Thursday March 08, 2018 @04:00PM from the stranger-than-fiction dept.

Researchers find fake news reaches users up to 20 times faster than factual content -- and real users are more likely to spread it than bots. From a report: "Falsehood flies, and the truth comes limping after it," wrote Jonathan Swift in 1710. Now a group of scientists say they have found evidence Swift was right -- at least when it comes to Twitter. In the paper, published in the journal Science, three MIT researchers describe an analysis of a vast amount of Twitter data: more than 125,000 stories, tweeted more than 4.5 million times in total, all categorised as being true or false by at least one of six independent fact-checking organisations. The findings make for unhappy reading. "Falsehood diffused significantly farther, faster, deeper and more broadly than the truth in all categories of information," they write, "and the effects were more pronounced for false political news than for false news about terrorism, natural disasters, science, urban legends or financial information."

How much further? "Whereas the truth rarely diffused to more than 1,000 people, the top 1% of false-news cascades routinely diffused to between 1,000 and 100,000 people," they write. In other words, true facts don't get retweeted, while too-good-to-be-true claims are viral gold. How much faster? "It took the truth about six times as long as falsehood to reach 1,500 people, and 20 times as long as falsehood to reach a cascade depth of 10" -- meaning that it was retweeted 10 times sequentially (so, for example, B reads A's feed and retweets a tweet, and C then reads B's feed and retweets the same tweet, all the way to J).